This 14-year-old found Apple’s FaceTime bug before it went viral

Apple’s Group FaceTime bug that went viral Monday, allowing callers to listen in on unsuspecting recipients, took the world by surprise. But someone actually tried to warn the electronics giant about it. Last week.

A Twitter user by the handle of @MGT7500, and identified by The Wall Street Journal as Michele Thompson, wrote on the social media platform on Jan. 20, tagging Apple’s Support page as well as Fox News to try and attract media attention.

“My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval,” Thompson wrote. “I have video. Submitted bug report to @AppleSupport…waiting to hear back to provide details. Scary stuff! #apple #bugreport @foxnews.”

After news of the bug went viral Monday night, fellow Twitter user John H. Meyer discovered Thompson’s tweet, reaching out and sharing the video evidence that the bug was, indeed, exploitable last week.

According to the Journal, the bug was discovered by Thompson’s son Grant while he was playing “Fortnite” and FaceTiming with friends.

VIDEO: Here is a video, recorded & sent to Apple by a 14 yr old & his mom, on JAN 23rd, alerting them to the dangerous #FaceTime bug, that has threatened the privacy of millions. I've removed sensitive / private info on behalf of the mother (an attorney), whom I just spoke to. pic.twitter.com/YIBKXEP3mI

Meyer, a venture capitalist at Transpire Ventures, says in a Twitter direct message that after quickly looking over Thompson’s profile he realized “that she’s been trying for a week to bring attention to this by tweeting at Apple and many different news orgs,” with Meyer eventually speaking with Thompson over the phone Tuesday morning.

In subsequent tweets, Meyer, who has over 9,100 followers on the platform and is a “verified” user, shared additional information. Thompson, Meyer says, is an attorney based in Arizona and the mother of a 14-year-old who discovered the bug “around” Saturday, Jan. 19.

While Thompson tweeted at Apple on Jan. 20, she also sent a formal notice to the company on Jan. 25 alerting them of the bug. Meyer shares screenshots provided by the mother, including an email sent to Apple’s product-security@apple.com email address that the company lists as a way for users to report issues to the company.

The email notes it includes a link to the private, unlisted YouTube video posted on Jan. 23 demonstrating the exploit.

Quick facts from my call with the 14 year old’s mom:

– Yes, a 14 year old discovered this bug. He did so "around" Saturday, 1/19

– Mother is a local lawyer in AZ and sent a formal notice to Apple on 1/25

Meyer even shared a screenshot of the bug report the mother sent to Apple on Jan. 25.

Here is the mom’s official bug report to Apple. Note that the mom self-describes as “not at all techy” and was baffled that Apple Support asked her, an average citizen, to sign up for an Apple developer account to then submit an official bug report, in order to be taken seriously pic.twitter.com/PWdrsych5t

In responding to other users on Twitter, the mother notes that while she wanted her son to be rewarded for discovering the bug — some tech companies offer thousands of dollars to people who report issues as an incentive — she says that she did call and fax the company details of the exploit.

At the same time, though, it really looks like he wasn’t willing to disclose it without getting paid first. 🤔 https://t.co/IqrhnSekwB

Hard to judge without seeing the full email chain (Asking for too much money? Might be fake? Why can't we see the Apple response?), but it looks like Apple screwed up pretty hard by not taking this person seriously. If this is real this is worse than the bug itself imo https://t.co/ff5edjmEUO

After news of the bug went viral Monday, Apple finally disabled Group FaceTime late Monday night. The company said in a statement provided to media outlets Monday night that it is “aware of this issue and we have identified a fix that will be released in a software update later this week.”

Apple declined to elaborate further when we asked about Thompson’s attempts to contact the company.

As for Meyer, he says he “was absolutely baffled that this could be the case.”

“I thought it was fake at first, before I then successfully replicated the issue by calling my girlfriend. When I learned very early this morning that this was discovered by a 14 year old, whose mom then spent multiple days trying to bring this to attention at Apple, I was even more surprised (and quite angry),” he writes in a direct message.

“Angry at the fact that she seemed to be ignored for quite a bit of time… While reporting an issue that could affect millions of people’s privacy, as well as our national security,” he adds, noting that government workers use iPhones.